Hello,

I am using MAC authentication.

Here are my logs when I connect a device to my switch if I haven't enabled automatic device registration in the portable profile:

Mar 11 15:23:00 TPI-PF1 auth[2078]: [mac:2c:44:fd:65:ab:27] Rejected user: 2c44fd65ab27
Mar 11 15:23:00 TPI-PF1 auth[2078]: (11391) Rejected in post-auth: [2c44fd65ab27] (from client 192.168.137.200/32 port 9 cli 2c:44:fd:65:ab:27)
Mar 11 15:23:00 TPI-PF1 auth[2078]: (11391) Login incorrect: [2c44fd65ab27] (from client 192.168.137.200/32 port 9 cli 2c:44:fd:65:ab:27)

However, this device meets the condition I defined in the authentication rule:

memberOf is member of VLAN1
Action: set the role vlan_1

So it should get the VLAN1 role without any problem, but that is not the case. If I enable automatic device registration, I always get the registration role and the vlan ID corresponding to this role in the role section of the switch.

Thanks for your answer.

From: Ludovic Zammit <lzam...@inverse.ca>
Sent: Wednesday, 10 March 2021 17:43
To: packetfence-users@lists.sourceforge.net
Cc: Robin Cortat <rcor...@imageson.ch>
Subject: Re: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch

Hello,

Are you doing Mac authentication or 802.1x?

Post your logs and we will advise.

Thanks,

Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

On Mar 10, 2021, at 11:03 AM, Robin Cortat via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

What I did:

I created a Vlan_1 role and a Vlan_2 role.
In switches, I assigned vlan id 1 to role Vlan_1 and vlan id 2 to role Vlan_2.

I then created an internal AD source, and made a rule with this condition:

memberOf is member of VLAN1
Action: set the role vlan_1
access time 5 days

Same for vlan2.

Then in portal profiles:

Filter: MySwitch
Sources: MY_AD

But it looks like the rules in the source do not apply. In the radius logs, I get denied access for the machine that connects to the switch if I haven't enabled automatic device registration in the portable profile. If I enable it, I always get the registration role and the vlan ID corresponding to this role in the role section of the switch.

And one more thing. Is it possible to automatically assign a vlan without the user having to log in manually?

Thanks for your answer.

________________________________

From: Durand fabrice <fdur...@inverse.ca>
Sent: Wednesday, 10 March 2021 02:10:40
To: Robin Cortat; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch

Can you share what you configured on the switch?

Do you see anything in the radius.log file?

On 21-03-09 at 08:25, Robin Cortat wrote:

Precisely and simply, this is what I want to do:

A device plugs into the switch; is this device part of my AD? If yes, it joins my company VLAN, if not, it joins an isolation VLAN.

I really need your help because this is an important and decisive project for me. I think the problem is that I don't know exactly how and what commands I need to perform on my switch and in packetfence to achieve this.

Thank you in advance for your answer.

From: Robin Cortat
Sent: Tuesday, 9 March 2021 07:15
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: RE: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch

Hello,

Theoretically, there are 2 VLANs on the switch. I followed the Network Devices Configuration Guide to configure my switch, the HP ProCurve 2500 Series chapter.

On PacketFence, I linked my AD and added my switch. I created a connection profile saying that if the device that plugs into my switch was part of the AD, it would be on VLAN 1, and if it wasn't, it would be on VLAN 2.

But there is no indication that it works. Is what I did theoretically correct?

From: Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Tuesday, 9 March 2021 02:53
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch

Hello Robin,

what is the configuration you applied on the switch?

What has been done on the packetfence side?

Do you have any logs?

Regards
Fabrice

On 21-03-08 at 10:15, Robin Cortat via PacketFence-users wrote:

Hello,

I use an HP ProCurve 2824 switch, and the only thing I would like to do with PacketFence is to assign VLANs to devices that would connect to the switch based on authentication rules.
Unfortunately, after hours and hours of reading documentation and testing, I did not get what I wanted. Isn't there a simple way to achieve this solution?

Thank you very much for your answer.

_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
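
Added example, not part of the original thread and not PacketFence code: a small Python parser for the RADIUS auth log lines quoted in the first message, grouping reject events per MAC address and recording the switch (NAS client), the port, and whether the User-Name presented was the MAC itself. The regular expressions are assumptions derived only from the three lines shown in the thread; other log shapes are skipped.

```python
import re
from collections import defaultdict

# The three log lines quoted in the first message of the thread.
SAMPLE = """\
Mar 11 15:23:00 TPI-PF1 auth[2078]: [mac:2c:44:fd:65:ab:27] Rejected user: 2c44fd65ab27
Mar 11 15:23:00 TPI-PF1 auth[2078]: (11391) Rejected in post-auth: [2c44fd65ab27] (from client 192.168.137.200/32 port 9 cli 2c:44:fd:65:ab:27)
Mar 11 15:23:00 TPI-PF1 auth[2078]: (11391) Login incorrect: [2c44fd65ab27] (from client 192.168.137.200/32 port 9 cli 2c:44:fd:65:ab:27)
"""

# Syslog prefix: timestamp, host, "auth[pid]:", then the message body.
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) auth\[\d+\]: (?P<msg>.*)$")
# "(id) <event>: [user] (from client <nas> port <n> cli <mac>)"
DETAIL = re.compile(
    r"^\((?P<req>\d+)\) (?P<event>[^:]+): \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+) cli (?P<cli>[0-9a-fA-F:.-]+)\)$")
# "[mac:<mac>] Rejected user: <user>"
SHORT = re.compile(r"^\[mac:(?P<cli>[0-9a-fA-F:]+)\] (?P<event>Rejected user): (?P<user>\S+)$")

def norm_mac(value):
    """Reduce any MAC notation to 12 lowercase hex digits, or None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    return digits if len(digits) == 12 else None

def summarize(text):
    """Group reject events per MAC; note NAS, port and whether User-Name == MAC."""
    out = defaultdict(lambda: {"events": [], "nas": set(), "ports": set(), "user_is_mac": True})
    for line in text.splitlines():
        p = PREFIX.match(line)
        if not p:
            continue  # not an auth[...] syslog line
        m = DETAIL.match(p["msg"]) or SHORT.match(p["msg"])
        if not m:
            continue  # message shape not covered by this example
        mac = norm_mac(m["cli"])
        if mac is None:
            continue
        rec = out[mac]
        rec["events"].append(m["event"])
        rec["user_is_mac"] &= norm_mac(m["user"]) == mac
        if "nas" in m.groupdict():  # only the detailed form carries NAS and port
            rec["nas"].add(m["nas"])
            rec["ports"].add(int(m["port"]))
    return dict(out)

if __name__ == "__main__":
    for mac, rec in summarize(SAMPLE).items():
        print(mac, rec)
```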